Security at GatherGrid

At GatherGrid, we take the security of your data seriously. This page outlines the measures we've implemented to protect your information and ensure our platform remains secure and reliable.

Data Encryption

We employ robust encryption protocols to safeguard your data:

In Transit: All data transmitted between your browser and our servers is secured using HTTPS/TLS encryption, preventing interception during transfer.
At Rest: Your data stored in our Supabase (PostgreSQL) database is protected with AES-256 encryption, the industry standard used by financial institutions and government agencies worldwide. Encryption at rest protects against loss or theft of the underlying storage media; access to data through the application itself is governed by the controls described in the next section.
API Keys: We use secure API keys for authentication with Supabase. Privileged keys are stored in environment variables on our servers and are never committed to our codebase or shipped to client-side applications. (In Supabase's model, the only key a browser ever receives is the public anon key, whose reach is bounded by the row-level security policies described below.)

Access Controls

Our comprehensive role-based access control (RBAC) system ensures that only authorized individuals can access specific data:

User Authentication: We implement secure email/password authentication through Supabase Auth, with industry-standard password security requirements.
Row-Level Security (RLS): Our database enforces strict policies at the row level, meaning users can only access data they're explicitly permitted to view.
Multi-Level Permissions: Different users have different access levels:
  • Administrators: Full system access, user management, and data approval capabilities
  • Regular Users: Specific view, edit, add, delete, initialize, and manage permissions based on their role
Master Administrators: Protected from accidental permission changes, so that an administrator account always remains available and system continuity is ensured.
Approval Workflow: All new users must be approved by administrators before gaining access to the system.
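The following is an added illustration of how the controls above (row-level security, user versus administrator access, protected master administrators, and approval before access) are typically expressed in a Supabase-hosted PostgreSQL database. It is example code written for this page, not GatherGrid's actual schema or policies; the table names (profiles, records), the column names, and the helper function names are assumptions. auth.uid() is the Supabase-provided function that returns the calling user's id.

```sql
-- Added example (not GatherGrid's schema): RLS policies implementing the
-- access model described above. Table/column names are assumptions.

create table public.profiles (
  id        uuid primary key references auth.users (id) on delete cascade,
  role      text not null default 'user' check (role in ('user', 'admin')),
  approved  boolean not null default false,  -- approval workflow: new users start unapproved
  is_master boolean not null default false   -- master administrators
);

create table public.records (
  id       bigint generated always as identity primary key,
  owner_id uuid not null references public.profiles (id),
  body     text not null
);

-- Deny-by-default: once RLS is enabled, a row is visible or writable only if
-- some policy below explicitly permits it.
alter table public.profiles enable row level security;
alter table public.records  enable row level security;

-- Helpers: has the caller been approved, and is the caller an approved admin?
-- SECURITY DEFINER so the lookup on profiles does not itself recurse into RLS;
-- search_path is pinned so the definer-privileged body cannot be hijacked.
create or replace function public.is_approved()
returns boolean language sql stable security definer set search_path = public as $$
  select exists (select 1 from profiles where id = auth.uid() and approved);
$$;

create or replace function public.is_approved_admin()
returns boolean language sql stable security definer set search_path = public as $$
  select exists (
    select 1 from profiles
    where id = auth.uid() and approved and role = 'admin'
  );
$$;

-- Regular users: only rows they own, and nothing at all until approved.
create policy records_owner_read on public.records for select
  using (public.is_approved() and owner_id = auth.uid());
create policy records_owner_write on public.records for all
  using (public.is_approved() and owner_id = auth.uid())
  with check (public.is_approved() and owner_id = auth.uid());

-- Administrators: every row (policies are permissive, so this ORs with the above).
create policy records_admin_all on public.records for all
  using (public.is_approved_admin())
  with check (public.is_approved_admin());

-- Users may read their own profile; only approved admins may change roles or
-- flip the approved flag (the approval workflow lives in this policy).
create policy profiles_self_read on public.profiles for select
  using (id = auth.uid());
create policy profiles_admin_update on public.profiles for update
  using (public.is_approved_admin())
  with check (public.is_approved_admin());

-- Master administrators are protected from permission changes: any update that
-- would demote, de-approve or un-mark a master account is refused outright.
create or replace function public.protect_master() returns trigger
language plpgsql as $$
begin
  if old.is_master and (new.role <> 'admin' or not new.approved or not new.is_master) then
    raise exception 'master administrator permissions cannot be changed';
  end if;
  return new;
end;
$$;

create trigger protect_master_before_update
  before update on public.profiles
  for each row execute function public.protect_master();
```

Two points worth checking in any deployment of this pattern: RLS policies are enforced only for requests made with the public anon key or a user's JWT, because the Supabase service-role key bypasses RLS entirely, which is why that key must stay server-side; and the trigger, not the policy, is what protects master accounts, since a policy can only say who may update a row, not which values the row may take afterwards.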

Data Storage & Compliance

Primary Data Centers: GatherGrid's Supabase servers are located in Singapore.
Regional Storage: We can establish local instances for customers with specific regional requirements upon request.
Regulatory Compliance: We maintain compliance with relevant regional data protection regulations, including GDPR.
Data Retention & Deletion:
  • When you close your account, your data is completely erased within 5 business days
  • You can request complete data deletion at any time by contacting our support team

Third-Party Vendors

GatherGrid uses Supabase for database and authentication services. No other third-party vendors are involved in handling or processing your data.

Incident Response

Detection & Response: We maintain a comprehensive incident response plan to detect, investigate, and mitigate potential security threats.
Customer Notification: In the event of a data breach, we commit to notifying affected customers within 24 hours.
Dedicated Security Handling: Our team follows a structured response protocol to address security concerns promptly and effectively.

Employee Training & Access Control

Restricted Employee Access: Our employees' access to customer data is strictly limited to what is necessary to perform their job functions.
Security Training: All team members undergo regular security training to stay current with best practices and compliance requirements.

Security Audits & Penetration Testing

Regular Audits: We conduct periodic security audits to assess and enhance our system security.
Vulnerability Management: We follow a structured process to identify and remediate security risks in a timely manner.
Penetration Testing: We may engage external security specialists to evaluate our systems and identify potential vulnerabilities.